IOS 11.4 Siri Auth Bypass | CVE-2018-4238

IOS 11.4 Siri Auth Bypass | CVE-2018-4238

So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across a setting under

Settings > Siri > WhatsApp>”Use With Siri”

I turned it on and locked my iPhone just to see if i can use WhatsApp to send a Message when iPhone is Locked, I asked siri to send a Whatsapp Message to XYZ and it simply asked me what to send and compile and send a WhatsApp message from Locked Screen, It was normal behaviour Because I have Turned on the “Use With Siri” Option & also have enabled “Allow Siri on Lock Screen” Option.

But then I again went to Settings > Siri > WhatsApp>”Use With Siri” and Disabled this Option Which means that now On I should not have access to Whatsapp on Locked screen Using Siri, So i locked my phone and asked siri to Send a WhatsApp Message to XYZ but Instead of asking me to Unlock my Phone or I don’t have access to the feature Siri Asked me “I’ll need to Access Your Whatsapp data to do this. Is that OK?” and it have a Option Box with YES | NO as options so i simply select YES and it worked same as before i was able to send messages via WhatsApp when the Phone was locked & the Settings for WhatsApp Use With Siri was turned OFF

So the next thing i checked was i unlocked my phone and went to Settings > Siri > WhatsApp> and saw that the option “Use With Siri” was Enabled Which means that Siri Was able to Modify Settings from Locked screen

So i tested it on multiple devices running IOS 11.2.6 & Older Version of IOS till IOS 11 and it worked on all of them thus i compiled a report and send it to Apple via their Product Security Bug Bounty Program product-security@apple.com And Apple Took it seriously as a Security issue and Patched it up in newer Version of IOS now when the “Use With Siri” Option is Disabled and you ask siri to Send a WhatsApp message it simply reply as “You Need to unlock Your iPhone First”

POC Video:

Disclosure timeline:

Issue Identified: 08-03-2018

Issue Reported: 10-03-2018

New Version with Patch released: 29-03-2018

Apple Acknowledged that i reported the issue and going to add my name to Apple Product Security Hall of Fame